# Prow service accounts --- apiVersion: v1 kind: ServiceAccount metadata: annotations: iam.gke.io/gcp-service-account: prow-build-trusted@k8s-infra-prow-build-trusted.iam.gserviceaccount.com name: prow-build-trusted namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: prow-deployer@k8s-infra-prow-build-trusted.iam.gserviceaccount.com name: prow-deployer namespace: test-pods # Specialized infrastructure access service accounts --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-cve-feed@k8s-infra-prow-build-trusted.iam.gserviceaccount.com name: k8s-cve-feed namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-metrics@k8s-infra-prow-build-trusted.iam.gserviceaccount.com name: k8s-metrics namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-triage@k8s-infra-prow-build-trusted.iam.gserviceaccount.com name: k8s-triage namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-keps@k8s-infra-prow-build-trusted.iam.gserviceaccount.com name: k8s-keps namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-testgrid-config-updater@k8s-infra-prow-build-trusted.iam.gserviceaccount.com name: k8s-testgrid-config-updater namespace: test-pods # Infrastructure management service accounts --- apiVersion: v1 kind: ServiceAccount metadata: annotations: iam.gke.io/gcp-service-account: k8s-infra-gcp-auditor@kubernetes-public.iam.gserviceaccount.com name: k8s-infra-gcp-auditor namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-infra-dns-updater@kubernetes-public.iam.gserviceaccount.com name: k8s-infra-dns-updater namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: gsuite-groups-manager@k8s-gsuite.iam.gserviceaccount.com name: gsuite-groups-manager namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: tf-monitoring-deployer@kubernetes-public.iam.gserviceaccount.com name: tf-monitoring-deployer namespace: test-pods # Image promotion service accounts --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com name: k8s-infra-gcr-promoter namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod-bak.iam.gserviceaccount.com name: k8s-infra-gcr-promoter-bak namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: k8s-infra-promoter@k8s-artifacts-prod.iam.gserviceaccount.com name: k8s-infra-promoter namespace: test-pods # Staging service accounts --- apiVersion: v1 kind: ServiceAccount metadata: annotations: iam.gke.io/gcp-service-account: gcb-builder@k8s-infra-prow-build-trusted.iam.gserviceaccount.com name: gcb-builder namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: annotations: iam.gke.io/gcp-service-account: gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com name: gcb-builder-cluster-api-gcp namespace: test-pods --- kind: ServiceAccount apiVersion: v1 metadata: # TODO(upodroid) remove this annotation once the k8s-infra-gcr-promoter k8s SA can assume an AWS IAM Role annotations: iam.gke.io/gcp-service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com name: s3-sync namespace: test-pods